Write-ups

Check The Published Writeups

| WDB | Title | Tags | Programs | Authors | Type | Publication | Added |
|---|---|---|---|---|---|---|---|
| 2121 | Use-After-Free in Voice Control: CVE-2021-30902 Write-up | Memory corruption | Apple | 08Tc3wBB (@08Tc3wBB) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2120 | Easy SSRF from Wayback Machine | SSRF | NA | Khaled Mohamed (@0xElkomy) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2119 | Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD | Broken authentication, Authentication flaw | GoCD | Sonar (@SonarSource) | Bug Bounty | 2021-10-27 | 2023-06-13 |
| 2118 | Unauthorized access to any user’s account. | IDOR, Authentication bypass, Account takeover | NA | vikram naidu (@ImVikram7msd) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2117 | Unauthenticated Cache Purge | Unauthenticated cache purge | Lenovo | Priyansh Bansal (@PriyanshB25) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2116 | Apple XAR – Arbitrary File Write (CVE-2021-30833) | Arbitrary file write | Apple | Richard Warren (@buffaloverflow) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2115 | A journey from XML External Entity (XXE) to NTLM hashes! | XXE | NA | Shubham Chaskar (@chaskar_shubham) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2114 | Write Up – XSS Stored In api.media.atlassian.com Via Doc File (iOS) | Stored XSS | Atlassian | Omar Espino (@omespino) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2113 | Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection | SIP bypass, Local Privilege Escalation | Apple | Microsoft Security Vulnerability Research (MSVR) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2112 | How I was able to access a properly Configured S3 Bucket | Leaked AWS keys, Information disclosure | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2021-10-28 | 2023-06-13 |
| 2111 | One misconfiguration to rule them all | Information disclosure, Debug mode enabled | NA | Sushant Soni (@sushantsoni5392) | Bug Bounty | 2021-10-29 | 2023-06-13 |
| 2110 | How I found Command Injection via Obsolete PHPThumb | OS command injection, RCE | NA | Sushant Kamble | Bug Bounty | 2021-10-30 | 2023-06-13 |
| 2109 | This is how i was able to Permanently Crash all Mapillary users within minutes | Application-level DoS | Meta / Facebook | Abhishek Pathak (@pathleax) | Bug Bounty | 2021-10-31 | 2023-06-13 |
| 2108 | Never Give Up — Story of Hacking Dutch Government and Earning that Dutch Swag. | IDOR | Dutch Government | BabaBounty (@Rohan96867358) | Bug Bounty | 2021-10-31 | 2023-06-13 |
| 2107 | How i made 500$ with XSS | XSS, Account takeover | NA | Nassim Chami (@nvccim) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2106 | Sitecore Experience Platform Pre-Auth RCE - CVE-2021-42237 | RCE, Insecure deserialization, Security code review | Sitecore | Shubham Shah (@infosec_au) | Bug Bounty | 2021-11-01 | 2023-06-13 |
| 2105 | A Technical Analysis of CVE-2021-30864: Bypassing App Sandbox Restrictions | Local Privilege Escalation, MacOS | Apple | Perception Point (@PerceptionPo1nt) | Bug Bounty | 2021-11-03 | 2023-06-13 |
| 2104 | Fiverr email restriction bypassed \| Bounty 100$ | Logic flaw | Fiverr | Maruf Hosan | Bug Bounty | 2021-11-04 | 2023-06-13 |
| 2103 | HacktoberFest2k21 vulnerability: How users metadata can be changed via Auth JWT tokens leaking from waybackurls | IDOR | DigitalOcean | Anurag__Verma | Bug Bounty | 2021-11-04 | 2023-06-13 |
| 2102 | Multiple Concrete CMS Vulnerabilities ( Part1 – RCE ) | RCE, Race condition | Concrete CMS | FORTBRIDGE (@FORTBRIDGE1) | Bug Bounty | 2021-11-05 | 2023-06-13 |
| 2101 | Unauthenticated Access To Cloud Portal — A 🚪 Without 🗝️ | Authentication bypass | NA | Yukesh Kumar (@3th1c_yuk1) | Bug Bounty | 2021-11-05 | 2023-06-13 |
| 2099 | 4 Crits in 48 hours: Unicorn Programs | Privilege escalation, Information disclosure, IDOR | NA | Monke (@pmofcats) | Bug Bounty | 2021-11-06 | 2023-06-13 |
| 2098 | Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri | OAuth, Prototype pollution | GitHub, Microsoft, StackExchange | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2021-11-06 | 2023-06-13 |
| 2097 | SONY Hunting I: Discovering Hidden Parameters (5x SWAG) | Open redirect | Sony | can1337 (@canmustdie) | Bug Bounty | 2021-11-07 | 2023-06-13 |
| 2096 | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes | SQL injection | NA | Mahmoud Youssef (@0xmahmoudjo0) | Bug Bounty | 2021-11-07 | 2023-06-13 |